This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
History

Wed, 06 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:iphone:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 30 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 30 Oct 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple tvos
Apple visionos
Weaknesses CWE-59
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple tvos
Apple visionos
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H'}


Mon, 28 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2024-10-28T21:07:58.858Z

Updated: 2024-11-06T13:41:03.333Z

Reserved: 2024-08-20T21:45:40.786Z

Link: CVE-2024-44258

cve-icon Vulnrichment

Updated: 2024-10-30T19:56:35.809Z

cve-icon NVD

Status : Modified

Published: 2024-10-28T21:15:07.083

Modified: 2024-11-06T14:35:02.583

Link: CVE-2024-44258

cve-icon Redhat

No data.